Access token
To use Identity SDK, you will first need to have a access token. This page presents the steps on how to create keys, generate the Identity access token and the recommended ways to do it.
- 1.
- 2.If you do not have a token, generate one.
- 3.Retrieve the
clientIdandclientSecretfrom one of the generated tokens.
Do not store these fields directly in your mobile/web application. These values should not leave your backend.
You can repeat this procedure to generate accesses combining different functions and SDKs.
The following steps describe how you can generate a token that is valid only for a specific user. This is the recommended way to generate and distribute tokens because it limits a possible attack to a single user account.
- 1.At some point in your application flow, create a JWT with the structure of the example below;
- Remember to replace the
{clientId},{personId}and{expiresAt}fields. - All of these fields are strongly recommended, but you can see which ones are required at the bottom of this page.
- 2.Sign the token with your
clientSecret; - 3.Send this token to your application.
Example:
Header
Payload
{
"alg": "HS256",
"typ": "JWT"
}
{
"iss": "{clientId}", // string
"exp": {expiresAt}, // number
"personId": "{personId}" // string
}
- 1.
- 2.Keep the Header field, do not change;
- 3.Edit the payload, only the
issfield is required; - 4.Replace
your-256-bit-secretwith yourclientSecret; - 5.Click Share JWT to copy the generated token to the clipboard;
- 6.Use this token to authenticate the SDK.
Parameter | Required | Description |
|---|---|---|
iss | Yes | Your clientId |
exp | No | |
personId | No | The CPF (Individual Taxpayer Registration Number) for which the token will be valid |
Last modified 2mo ago